Do you know the story of Hans Brinker, the little Dutch boy who plugged a dike with his finger? We could have used him during the great flood of 1953! It is a great story, but in all honesty, there is not much one boy can do against the full power of the sea. Nevertheless, many businesses still seem to think that we can use simple stopgaps and pro forma policies to ward off electronic threats. Those who think that this is the solution to the problem believe in fairytales.
There are always a few of them at every party: proud-as-punch parents who tell you how IT savvy their young offspring are. Babies that swipe TV screens, toddlers that are given limitless access to the web, teenagers that reconfigure the home network; we used to be proud that we were the only ones able to configure the VCR, but now it is as though we are raising a whole generation of script kiddies.
Honestly, that is not too far from the truth. Script kiddies are not real hackers. They use others' work to make mischief and in the same way, our children have become devilishly handy with computers. But if you ask them what the difference is between 4G and WiFi, or what a driver is, and all you get are blank stares.
This is a development that is characteristic of the modern age. In order to be considered tech-savvy, one barely has to have any understanding of IT. Specialists are being bombarded on all fronts by a new wave of young people, marketers, HR staff, data and finance experts, and other colleagues, all of whom have their own pronounced opinions on IT. If you are too slow to respond, they act on those opinions and in that context, the cloud has a clearly defined dark side.
This poses a significant security issue. Data makes the world go round – data is the new capital of the modern age, but while more and more people are learning to play with it, it is becoming increasingly clear that most people's understanding of the underlying systems is, at best, extremely superficial.
Digital transformation is wonderful, but data only makes good on its value when we can guarantee its value and that is a business interest that someone in the organization has to safeguard. But who? If everyone in the organization lets data slip through their fingers like sand, who will you turn to, to ensure that this at least happens securely? To the IT department, of course.
But they cannot do it alone. The security of our data is an interest for which everyone in the organization carries responsibility, which means that every user must thoroughly understand that handling data is a responsible task. Just as no one should operate heavy machinery without the proper training, no one should be allowed to handle sensitive data without being properly educated in the risks that improper use entails. Have your staff already followed a workshop on the requirement to report data leaks? No? There hasn't even been an e-mail sent out? Why not?
As the department with the most understanding of the issues, IT is responsible for helping the rest of the organization to undergo a digital transformation that not only looks good on the outside, but which is also solid on the inside.
But there is more to it than just that, because your organization cannot do it alone either. How many security experts do you have working in your IT department? How much time do they dedicate to security? How reasonable is it to expect of those employees that they hold the line against the flood of security threats bearing down upon us? It would be comparable to the municipality of a small village deciding to hold back the North Sea alone. Can you imagine how the civil servant charged with that task would feel?
What we need is a new Delta plan. One that radiates the understanding that cybersecurity is not something that one person should be left to do alone. A plan in which we join hands and collectively produce a solution, because security in a digital world is not a job that you can saddle a single person, department or even an organization with. If we hope to keep our feet dry in the digital age, we need to establish a coordinated collaboration between all individually connected businesses and institutions. Hans Brinker would not make it today.